[x]

ND detection configuration commands > ipv6 nd detection trust

 

 Next

ipv6 nd detection trust

Syntax

ipv6 nd detection trust

undo ipv6 nd detection trust

View

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default level

2: System level

Parameters

None

Description

Use ipv6 nd detection trust to configure a port as an ND-trusted port.

Use undo ipv6 nd detection trust to configure a port as an ND-untrusted port.

By default, a port is ND-untrusted. In an ND detection-enabled VLAN, ports are assigned two roles: ND-trusted and ND-untrusted.

On an ND-trusted port, the ND detection function does not check ND packets for address spoofing.

On an ND-untrusted port, RA and RR messages are considered illegal and discarded directly. All other ND packets in the VLAN are checked for source spoofing.

Examples

# Configure Layer 2 port Ethernet1/0/1 as an ND-trusted port.

<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] ipv6 nd detection trust

# Configure interface Bridge-Aggregation 1 as an ND-trusted port.

<Sysname> system-view
[Sysname] interface bridge-Aggregation 1
[Sysname-Bridge-Aggregation1] ipv6 nd detection trust

prev

 

up

 next

ipv6 nd detection enable 

home

 reset ipv6 nd detection statistics

© Copyright 2016 Hewlett Packard Enterprise Development LP